User Guide

5.2. Open capture files
Wireshark can read in previously saved capture files. To read them, simply select the menu or
toolbar item: "File/Open". Wireshark will then pop up the File Open dialog box, which is
discussed in more detail in Section 5.2.1, “The "Open Capture File" dialog box”.
It's convenient to use drag-and-drop!
... to open a file, by simply dragging the desired file from your file manager and
dropping it onto Wireshark's main window. However, drag-and-drop is not available/won't
work in all desktop environments.
If you didn't save the current capture file before, you will be asked to do so, to prevent data loss (this
behaviour can be disabled in the preferences).
In addition to its native file format (libpcap format, also used by tcpdump/WinDump and other
libpcap/WinPcap-based programs), Wireshark can read capture files from a large number of other
packet capture programs as well. See Section 5.2.2, “Input File Formats” for the list of capture
formats Wireshark understands.
5.2.1. The "Open Capture File" dialog box
The "Open Capture File" dialog box allows you to search for a capture file containing previously
captured packets for display in Wireshark. Table 5.1, “The system specific "Open Capture File"
dialog box” shows some examples of the Wireshark Open File Dialog box.
The dialog appearance depends on your system!
The appearance of this dialog depends on the system and GTK+ toolkit version used.
However, the functionality remains basically the same on either system.
Common dialog behaviour on all systems:
• Select files and directories.
• Click the Open/Ok button to accept your selected file and open it.
• Click the Cancel button to go back to Wireshark and not load a capture file.
Wireshark extensions to the standard behaviour of these dialogs:
• View file preview information (like the filesize, the number of packets, ...), if you've
  selected a capture file.
• Specify a display filter with the "Filter:" button and filter field. This filter will be used
  when opening the new file. The text field background becomes green for a valid filter string
  and red for an invalid one. Clicking on the Filter button causes Wireshark to pop up the
  Filters dialog box (which is discussed further in Section 6.3, “Filtering packets while
  viewing”).
XXX - we need a better description of these read filters
• Specify which name resolution is to be performed for all packets by clicking on one of the
  "... name resolution" check buttons. Details about name resolution can be found in
  Section 7.6, “Name Resolution”.
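The preview values mentioned above (file size, number of packets) can be derived from the headers of a native libpcap file alone. The following is an added example, not Wireshark's own code: it reads the libpcap global header and walks the per-packet record headers without dissecting any packet data, and it flags a file whose length fields run past the end. The names preview_pcap and build_sample are hypothetical, and the sample capture is constructed.

```python
import struct

# The four classic libpcap magic values as they appear on disk.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "microsecond"),
    b"\xa1\xb2\xc3\xd4": (">", "microsecond"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanosecond"),
    b"\xa1\xb2\x3c\x4d": (">", "nanosecond"),
}

def preview_pcap(data: bytes) -> dict:
    """Summarise a libpcap file from its headers, without dissecting packets."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a libpcap capture file")
    endian, resolution = MAGICS[data[:4]]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    info = {"filesize": len(data), "version": f"{major}.{minor}",
            "resolution": resolution, "snaplen": snaplen, "linktype": linktype,
            "packets": 0, "first_ts": None, "last_ts": None, "truncated": False}
    offset = 24
    while offset < len(data):
        # Each record: ts_sec, ts_frac, captured length, original length.
        if offset + 16 > len(data):
            info["truncated"] = True
            break
        ts_sec, _frac, incl_len, _orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):
            info["truncated"] = True  # length field points past end of file
            break
        if info["first_ts"] is None:
            info["first_ts"] = ts_sec
        info["last_ts"] = ts_sec
        info["packets"] += 1
        offset += 16 + incl_len
    return info

def build_sample() -> bytes:
    """Constructed two-packet capture (little-endian, Ethernet link type 1)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec1 = struct.pack("<IIII", 1700000000, 0, 4, 4) + b"\x00" * 4
    rec2 = struct.pack("<IIII", 1700000005, 0, 6, 6) + b"\x00" * 6
    return header + rec1 + rec2

if __name__ == "__main__":
    print(preview_pcap(build_sample()))
```

A capture that reports truncated, or a packet count far from what its source claims, is worth examining before it is loaded for full dissection.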
File Input / Output and Printing